Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Certificate Error for Exchange 2010

Posted on 2013-11-05
11
Medium Priority
?
93 Views
Last Modified: 2015-11-27
Hi,

 I keep on getting this error when users open Outlook.

The error
I am unsure how to test but the certificate was issued with the ngcpost2.gallery.ca

Could it be related that the PRT record points to *.gallery.ca? for some reason this was implemented by the webteam.

Thank you.
0
Comment
Question by:Pots
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
  • 2
  • +2
11 Comments
 
LVL 22

Expert Comment

by:Nick Rhode
ID: 39624303
create a record for ngcpost2.gallery.ca and that should clear it up.
0
 
LVL 23

Expert Comment

by:Suliman Abu Kharroub
ID: 39624339
Is it SAN certificate or single name ? if so, does it include  ngcpost2.gallery.ca ?
0
 

Author Comment

by:Pots
ID: 39624453
It's a single name. I am checking with the ISP atm to see whats our PTR record at.

I am also changing to a SAN or the SSL company also recommended a UCC cert.

Is one better then the other?

All I'm looking to do is add more names in the future to enable the auto-discovery etc...

Thx.
0
Free Backup Tool for VMware and Hyper-V

Restore full virtual machine or individual guest files from 19 common file systems directly from the backup file. Schedule VM backups with PowerShell scripts. Set desired time, lean back and let the script to notify you via email upon completion.  

 
LVL 22

Accepted Solution

by:
Nick Rhode earned 2000 total points
ID: 39624510
Depends on how many domain names you are goin to add.  Typically with exchange a UCC is fine.  For example a GoDaddy cert allows for 5 domain names and it can be expanded.
0
 
LVL 23

Expert Comment

by:Suliman Abu Kharroub
ID: 39624561
For exchange server to work properly, you need a UCC certificate .
0
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 39624615
"For exchange server to work properly, you need a UCC certificate . "

Not true. It is perfectly possible to use Exchange with a single name certificate.

Given the failure messages I would expect that one of the host names in Exchange is wrong and the incorrect information is being returned by Autodiscover.

Go through them all using my guide here:
http://semb.ee/hostnames

Simon.
0
 
LVL 1

Expert Comment

by:SsbMs
ID: 39625412
you can follow below artical to suppress the AutoDiscover mismatch warning..

http://support.microsoft.com/kb/2783881

As per my undertanding you should add below host to your cert.

Autodiscover.domain.name
Host name of all CAS Server
comman URL for CAS Array.

Hope this will help.
0
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 39627121
@ ssbms
Your information is wrong.

You don't include the CAS Array to the SSL certificate as the host name for the CAS Array should be unique to that function and should not resolve externally.
The host name of the CAS servers - again you cannot include internal names on SSL certificates that are dated past November 2014, the SSL providers will not let you.

You don't even have to include Autodiscover.example.com, you can use SRV records.

Supressing the Autodiscover record is also not a great answer - while possible, if the SSL certificate is done correctly, completely unnecessary.

Simon.
0
 

Author Comment

by:Pots
ID: 39651375
Hi all,

 I have upgraded to a UCC certificate. Everything was going well until I enable the Autodiscovery in exchange and now I'm getting an error with the certificate mismatch now.

In the certificate I have added:

gallery.ca
autodiscovery.gallery.ca
ngcpost2.gallery.ca

Attached is the error. Now I know that autodiscover.gallery.ca is misstyped and I have change it but it still apprears.
0
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 39653087
There is nothing attached.

"enable the Autodiscovery in exchange"

What exactly do you mean by that, as it is not something that you can enable/disable.
Have you changed Exchange to use the host names on the SSL certificate and verified that they resolve internally to the correct place?

Simon.
0

Featured Post

Looking for the Wi-Fi vendor that's right for you?

We know how difficult it can be to evaluate Wi-Fi vendors, so we created this helpful Wi-Fi Buyer's Guide to help you find the Wi-Fi vendor that's right for your business! Download the guide and get started on our checklist today!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

New style of hardware planning for Microsoft Exchange server.
As much as Microsoft wants to kill off PST file support, just as they tried to do with public folders, there are still times when it is useful or downright necessary to export Exchange mailboxes to PST files. Thankfully, it is still possible to e…
In this video we show how to create an Accepted Domain in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Ac…
The basic steps you have just learned will be implemented in this video. The basic steps are shown to configure an Exchange DAG in a live working Exchange Server Environment and manage the same (Exchange Server 2010 Software is used in a Windows Ser…
Suggested Courses

618 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question